Information Assurance Security Specialist
ICF is seeking an experienced Information Assurance Security Specialist to support a Cybersecurity Risk Management and Compliance program. Your work will contribute to and support comprehensive assessments of implemented controls and control enhancements to determine control effectiveness (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization).
This role is based in Washington, DC. This is an opportunity to contribute to an important project from its beginning and work with the latest and emerging technologies, all while building a great career at ICF!
The control assessor performs assessments as required by the organization’s continuous monitoring strategy, which identifies the minimum monitoring frequency for implemented controls across the organization; defines the ongoing control assessment approach; and describes how ongoing assessments are to be conducted (e.g., addressing the use and management of automated tools, and instructions for ongoing assessment of controls for which monitoring cannot be automated). For system-level control assessments, the control assessor does not assess inherited controls and assesses only the system-implemented portions of hybrid controls. The control assessor prepares security and privacy assessment reports containing the results and findings from assessments. The control assessor provides an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls and recommends corrective actions to address identified vulnerabilities. The control assessor facilitates development of corrective plans of action and milestones (POA&M).
What you will be doing:
- Possesses and applies a comprehensive knowledge across key tasks and high impact assignments. Plans and leads major technology assignments.
- Evaluates performance results and recommends major changes affecting short-term project growth and success
- Functions as a technical expert across multiple project assignments. May supervise others.
- Determines enterprise information assurance and security standards.
- Develops and implements information assurance/security standards and procedures.
- Coordinates, develops, and evaluates security programs for an organization.
- Recommends information assurance/security solutions to support customers’ requirements.
- Identifies, reports, and resolves security violations.
- Supports customers at the highest levels in the development and implementation of doctrine and policies.
- Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
- Provides integration and implementation of the computer system security solution.
- Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
- Ensures that all information systems are functional and secure.
- Five (5) to ten (10) years of experience within the subject area with a bachelor's degree and senior industry professional certification such as a Certified Information Systems Security Professional (CISSP) or equivalent
- Experience conducting vulnerability scans and recognizing vulnerabilities in security systems
- Experience identifying and reviewing appropriate documentation to validate control design, implementation, and operation
- Experience planning and performing appropriate interviews to validate control design, implementation, and operation
- Experience interfacing with customers
- Experience performing impact/risk assessments.
- Knowledge of federal and industry cyber regulatory compliance requirements
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of cyber defense and vulnerability assessment tools and their capabilities
- Knowledge of Security Assessment and Authorization process
- Knowledge of Risk Management Framework (RMF) requirements
- Experience using SAST/DAST application vulnerability analysis tools
- Experience with DoD’s ACAS and HBSS systems
- Experience in Test & Evaluation requirements and reporting
- Knowledge of DoD cybersecurity requirements to include Security Technical Implementation Guides (STIGs), IAVM patching guidelines, etc.
- Experience performing root cause analysis
- Knowledge of penetration testing principles, tools, and techniques
- Knowledge of current and developing IT and cybersecurity concerns and trends, federal and industry cyber regulatory compliance requirements
- Knowledge of system and application security threats and vulnerabilities
- Knowledge of systems diagnostic tools and fault identification techniques
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
DC Client Office (DC88)